--- d:/工程/c projects/安全/缓冲区溢出/check_buffer_overflow/check_buffer_overflow/check.c
#include <string.h>
void function(char * str)
{
// Deliberately unsafe demo: copies a caller-supplied string of any length into a 16-byte
// stack buffer. The interleaved disassembly is a 32-bit MSVC debug build with a frame pointer
// in ebp and a stack cookie stored at [ebp-4].
004113B0 push ebp // save the caller's (main's) ebp
004113B1 mov ebp,esp // new frame base; arguments and locals are addressed relative to ebp from here on
004113B3 sub esp,0DCh // reserve 0xDC (220) bytes of frame
004113B9 push ebx
004113BA push esi
004113BB push edi
004113BC lea edi,[ebp-0DCh]
004113C2 mov ecx,37h // 0x37 = 55 dwords = 220 bytes: the whole reserved frame
004113C7 mov eax,0CCCCCCCCh // 0xCC (the x86 `int 3` opcode) is the debug-build fill for uninitialized stack
004113CC rep stos dword ptr es:[edi]
004113CE mov eax,dword ptr [___security_cookie (417000h)] // per-process stack-protector cookie
004113D3 xor eax,ebp // mixed with ebp so the stored value differs per frame
004113D5 mov dword ptr [ebp-4],eax // cookie sits between the locals and saved ebp/return address; the epilogue that re-checks it is not part of this listing
char buffer[16];
strcpy(buffer,str); // no length limit: bytes beyond 16 run into [ebp-8..ebp-5], then the cookie at [ebp-4], then saved ebp and the return address
004113D8 mov eax,dword ptr [ebp+8] // str (first argument)
004113DB push eax
004113DC lea ecx,[ebp-18h] // buffer starts at ebp-0x18 (ebp-24); its 16 bytes end at ebp-8, 4 bytes before the cookie
004113DF push ecx
004113E0 call @ILT+160(_strcpy) (4110A5h)
004113E5 add esp,8 // cdecl: caller removes the two pushed arguments
}
--- d:/工程/c projects/安全/缓冲区溢出/check_buffer_overflow/check_buffer_overflow/check.c
void main()
{
// Driver for the demo: fills a 256-byte array with 'A' and passes it to function().
// (`void main()` is an MSVC extension; the standard signature is `int main(void)`.)
00411460 push ebp // save the ebp in effect before main
00411461 mov ebp,esp
00411463 sub esp,1D8h // reserve 0x1D8 (472) bytes of frame
00411469 push ebx
0041146A push esi
0041146B push edi
0041146C lea edi,[ebp-1D8h]
00411472 mov ecx,76h // 0x76 = 118 dwords = 472 bytes
00411477 mov eax,0CCCCCCCCh // same 0xCC debug fill as in function()
0041147C rep stos dword ptr es:[edi]
0041147E mov eax,dword ptr [___security_cookie (417000h)]
00411483 xor eax,ebp
00411485 mov dword ptr [ebp-4],eax // main's own stack cookie at [ebp-4]
char large_string[256]; // located at [ebp-108h]; note it is never NUL-terminated (see the loop bound)
int i; // located at [ebp-114h]
for (i=0;i<255;i++) // writes indices 0..254 only; large_string[255] keeps the 0xCC fill byte, so no terminator is stored
00411488 mov dword ptr [ebp-114h],0 // i = 0
00411492 jmp main+43h (4114A3h) // jump straight to the loop test
00411494 mov eax,dword ptr [ebp-114h] // i++ (load, add, store)
0041149A add eax,1
0041149D mov dword ptr [ebp-114h],eax
004114A3 cmp dword ptr [ebp-114h],0FFh // i < 255 ?
004114AD jge main+5Fh (4114BFh) // leave the loop when i >= 255
{
large_string[i]='A';
004114AF mov eax,dword ptr [ebp-114h]
004114B5 mov byte ptr [ebp+eax-108h],41h // 0x41 == 'A'
}
004114BD jmp main+34h (411494h)
function(large_string); // because no '\0' was stored, strcpy inside function() also reads past the end of large_string until it happens to meet a zero byte; a well-formed test would set large_string[255] = '\0' (the overflow of the 16-byte buffer occurs either way)
004114BF lea eax,[ebp-108h] // address of large_string
004114C5 push eax
004114C6 call @ILT+170(_function) (4110AFh)
004114CB add esp,4 // cdecl: caller removes the one pushed argument
}